Okta Spoke Fails to Refresh Access Token: 'unauthorized_client' Error Due to Missing Grant Type Configuration

Issue

When the access token has expired and a refresh token is available, any action using the Okta Spoke in ServiceNow should ideally trigger automatic token refresh. However, the token refresh attempt fails, and the following error is returned:

    {
      "error": "unauthorized_client",
      "error_description": "The client is not authorized to use the provided grant type. Configured grant types: [authorization_code]."
    }

Release

N/A

Cause

This error occurs when the OAuth client (as configured in Okta) does not support the refresh_token grant type. While ServiceNow correctly attempts to use the refresh token flow, the token endpoint responds with an error because the OAuth client is only configured for the authorization_code grant type, and not for refresh_token.

Here’s an example of the request being sent:

    POST /token
    Content-Type: application/x-www-form-urlencoded

    refresh_token=exampleRefreshToken123&grant_type=refresh_token&scope=exampleScope&client_secret=exampleClientSecret456&client_id=exampleClientId789

Response:

    {
      "error": "unauthorized_client",
      "error_description": "The client is not authorized to use the provided grant type. Configured grant types: [authorization_code]."
    }

Resolution

This issue is not caused by ServiceNow. The error originates from the Okta authorization server configuration. You need to collaborate with your Okta team to ensure that the OAuth client is configured to support the refresh_token grant type. Once the appropriate grant types are enabled in Okta, the token refresh mechanism in ServiceNow will work as expected.
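
The following is an added example, not ServiceNow or Okta code: a small triage helper that takes a captured token request body and the token endpoint's response, confirms whether the requested grant type is absent from the client's configured list, and masks the secret-bearing fields so the request can be attached to a ticket for the Okta team. The function names, the field list in SENSITIVE_FIELDS and the sample constants are assumptions made for illustration; the sample data is constructed from the example values in the article.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# Constructed sample data mirroring the request/response shown in the article.
SAMPLE_REQUEST_BODY = (
    "refresh_token=exampleRefreshToken123&grant_type=refresh_token"
    "&scope=exampleScope&client_secret=exampleClientSecret456"
    "&client_id=exampleClientId789"
)
SAMPLE_RESPONSE_BODY = json.dumps({
    "error": "unauthorized_client",
    "error_description": (
        "The client is not authorized to use the provided grant type. "
        "Configured grant types: [authorization_code]."
    ),
})

# Assumption: form fields that must never reach a ticket or log verbatim.
SENSITIVE_FIELDS = {"refresh_token", "client_secret", "code", "password"}
GRANT_LIST_RE = re.compile(r"Configured grant types:\s*\[([^\]]*)\]")


def redact_form_body(body: str) -> str:
    """Return the form-encoded body with secret-bearing values masked."""
    fields = parse_qs(body, keep_blank_values=True)
    safe = {k: ("REDACTED" if k in SENSITIVE_FIELDS else v[0])
            for k, v in fields.items()}
    return urlencode(safe)


def diagnose_token_error(request_body: str, response_body: str) -> dict:
    """Compare the requested grant type with the list the server reports."""
    requested = parse_qs(request_body).get("grant_type", [""])[0]
    resp = json.loads(response_body)
    result = {
        "requested_grant": requested,
        "error": resp.get("error"),
        "configured_grants": None,        # stays None if the server lists none
        "grant_missing_on_client": False,
        "redacted_request": redact_form_body(request_body),
    }
    if resp.get("error") != "unauthorized_client":
        return result                     # a different failure, e.g. invalid_grant
    match = GRANT_LIST_RE.search(resp.get("error_description", ""))
    if match:
        grants = [g.strip() for g in match.group(1).split(",") if g.strip()]
        result["configured_grants"] = grants
        result["grant_missing_on_client"] = requested not in grants
    return result
```

A result with grant_missing_on_client set to True points to the Okta client configuration described under Resolution; any other error value means the refresh failed for a different reason and needs separate investigation.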